Fallos del tipo CWE-94

3766 resultados
CVE-2024-11038HIGHWPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup <= 1.7.5 - Unauthenticated Arbitrary Shortcode Execution via wpb_pcf_fire_contact_formEPSS 0.6%CVE-2025-12733HIGHImport any XML, CSV or Excel File to WordPress (WP All Import) <= 3.9.6 - Authenticated (Administrator+) Remote Code Execution via Conditional LogicEPSS 0.6%CVE-2026-31048CRITICALAn issue in the <code>pickle</code> protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string EPSS 0.6%CVE-2021-47938HIGHImpressCMS 1.4.2 Remote Code Execution via AutotasksEPSS 0.6%CVE-2023-41503CRITICALStudent Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function.EPSS 0.6%CVE-2026-30643CRITICALAn issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload.EPSS 0.6%CVE-2024-44724HIGHAutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. This vulneraEPSS 0.6%CVE-2025-9517HIGHatec Debug <= 1.2.22 - Authenticated (Administrator+) Remote Code ExecutionEPSS 0.6%CVE-2024-5834MEDIUMInappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a craftEPSS 0.6%CVE-2025-23296HIGHNVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A EPSS 0.6%CVE-2026-20892HIGHCode injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbiEPSS 0.6%CVE-2026-22771HIGHEnvoy Extension Policy lua scripts injection causes arbitrary command executionEPSS 0.6%CVE-2026-36340HIGHAn issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email functionEPSS 0.6%CVE-2024-43388HIGHPhoenix Contact: SNMP reconfiguration due to improper input validation in MGUARD devicesEPSS 0.6%CVE-2022-3245MEDIUM Code Injection in display of tag title on saving tags in microweber/microweberEPSS 0.6%CVE-2024-8479HIGHSimple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.6%CVE-2025-1509HIGHShow Me The Cookies <= 1.0 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.6%CVE-2023-39956MEDIUMElectron: Out-of-package code execution when launched with arbitrary cwdEPSS 0.6%CVE-2025-5150MEDIUMdocarray Web API torch_dataset.py __getitem__ prototype pollutionEPSS 0.6%CVE-2025-0806MEDIUMcode-projects Job Recruitment _call_job_search_ajax.php cross site scriptingEPSS 0.6%